Asecap Days delves beneath the surface of tolling

Malcolm Palmore - cyber crime is a viable and defined threat that is highly evolved.

Colin Sowman picks his highlights from Asecap’s 45th annual Study and Information Days in Paris.

European tolling association Asecap holds annual Study & Information Days, provides delegates with updates on the latest moves and thinking in the tolling sector and is a key meeting place for concessionaires from 22 countries.

The importance of road transport to the French economy was highlighted by the country’s director general of transport infrastructures, François Poupard, in the opening session. He told the conference that roads support 85% of freight transport and that French motorways (most of which are tolled) represent only 2% of the road network but carry one-third of the freight. Highlighting the effect on the French economy, he said the road transport sector supports 2.3 million jobs, accounts for €14bn of public spending and raises a total of €32bn in tax revenues.

France introduced tolling concessions 50 years ago as a quicker way of rebuilding the infrastructure, he told the audience, and added that they have now become a way of budgeting motorways and of sharing risks between the government and the private sector. The first session examined financing and was addressed by Neil Valentine – head of the European Investment Bank’s (EIB) Strategic Roads Division. The EIB has long been a provider of infrastructure funding but Valentine indicated the bank’s move away from simple infrastructure financing to a broader remit, including funding decarbonisation and environmentally-based projects.

He said: “Cities are dying, quite literally, because they cannot breathe and the mayors of these cities are actively embracing decarbonisation. But in mobility terms, decarbonisation is not the biggest change, it is just a change of fuel source and we will still have vehicles and these will cause congestion, parking problems, safety issues and so on –things motorway operators know all about.”

Valentine went on to say that the bank is being asked to step up climate finance, and classic infrastructure does not fall under this heading. “But it doesn’t mean we can only do climate finance, we are about balance and reflect European policy – which is always multi-headed and occasionally contradictory.”

Bill Halkias, president of Greek concessionaire Hellastron, invited delegates to challenge the EIB’s position and said public-private partnerships (PPPs) and concessions were developed, in part, to overcome the shortage of finance in the public sector. They were designed by the public sector to fund important infrastructure for which there were no public funds available and where risks were allocated to the parties best available to absorb them. Greece used PPPs to fund a number of building projects prior to the 2004 Olympics and subsequently, this became the concession model to build a number of tolled motorways. However, he said, in 2010 the financial crises hit and instead of needing to terminate the projects, the flexibility of the concession model allowed changes to be made in order for the operation to continue. “This is the merit of the concession model, we live and die together.”

The EIB's lending on road infrastructure has reduced over the last few years.

Halkias also identified the technological changes facing the tolling sector over the next 20 years and highlighted that half of new car sales in Norway are now electric vehicles – which are not liable to pay tolls in Norway.

“The future is already here,” he told delegates. “In France, 50 or so toll companies are consolidating into five or six regional ones as they have already lost half of their income. One prediction is that in Helsinki, car ownership will be demolished in about 10 years and they will all be shared vehicles.”

By way of preparedness, he added that Asecap’s top priority is to extend the concessions and send a message to the EIB and the European Commission: “We cannot sign a contract for 30 years and expect that the world would not change in that time. Concessions need flexibility. Give us the flexibility we need, give us the extensions we need and ask us to be investors in the new things that are coming.”

He advocated fair and prudent discussions among concessionaires and public states but warned “let’s stay away from political debate and new rules about funding – we need you and you need us.”

In finishing, Halkias challenged his audience, saying: “We are all toll operators so let’s also become investors in our ‘house’.”

Cyber threat

That the ‘future is already here’ was the message from keynote speaker Malcolm Palmore but, in his case, he was referring to technological challenges and cyber threats.

Palmore, an FBI special agent in charge of San Francisco’s Cyber Branch, opened with a word of warning for delegates: “If you are an executive in this sector, I hope that you have a defined security apparatus attached to your company. Without that you may find yourself on the bad end of a security breach with no real way to address what you are dealing with.”

According to the latest figures, the average cost to a business of a significant security breach is between $4million and $5million and there were more than 2,000 breaches reported in 2016 (although the actual number is far higher). He told the captivated audience that the ‘Target breach’, which happened a few years ago through a third party vendor with full access to the main network, has cost one particular company almost $280m in mitigation and remediation.

Palmore did, however, encourage companies to embrace the new technologies and said security issues need not hamper innovation. His recipe for businesses looking to minimise their risk was “hire cyber security professionals and empower them to do their job”.

Breaking down the threat, he said that most breaches are the result of credential theft, password theft or ‘spear phishing’ where emails, ostensibly from a known or trusted individual or company, are sent out to induce individuals to reveal confidential information. “How many of you have received emails from unknown individuals asking you to click on a link or open an attachment? If you or your employees are doing this, then you open your network to potential infiltration by cyber threat actors.

“These types of emails are sent out in their millions on a daily basis,” he continued and asked the audience, “what have you done to educate your workforce about this threat? And what steps have you put in place to remediate the eventuality, and it is an eventuality, that someone will click one of these links?”

There is a viable and defined threat that is highly evolved, said Palmore, adding that more than half of the security breaches are committed by organised criminals. He described the Dark Web where personal information and data stolen from companies is bought and sold by criminals with almost complete anonymity and said the average length of time to discover a breach was in excess of 180 days. “Just imagine what damage criminals can do to your business in 180 days?”

Having described the criminals as “prolific” he said most are entirely opportunistic, responding to anybody who clicks the link rather than targeting individual companies. However he warned that some nation states are enlisting criminal threat actors to target particular networks and systems in order to further their own strategically-motivated activities. What can be even more damaging is internally motivated actions – that is employees stealing information and/or diverting funds.

To prevent security breaches in day-to-day operations Palmore advocated strong passwords, two-part authentication where possible, and that businesses implement the security patches coming from the hardware and software companies. He urged companies to carry out vulnerability assessments - particularly pertinent to the transport sector which has an abundance of outlying attachments, such as roadside ITS. In ending, he implored companies to proactively contact law enforcement entities and develop relationships with specialists who can help deal with a breach before they suffer a hack and to not leave it until it is too late.

EETS & REETS

One of the biggest challenges facing Asecap’s members is EETS, the ‘one-box anywhere’ European Electronic Tolling Service which should have been implemented for trucks by 2012 and for all vehicles by 2014. With no sign of implementation on the horizon, the European Commission asked several interested parties to implement regional EETS (or REETS) in a project which ran to 2015. Following that, the Commission launched the EETS Facilitation Platform and is in the process of revising the regulation which is currently in the legislative process.

Hubert Resch of Asfinag, who is also secretary of the EETS Facilitation Platform, was asked why these deadlines were missed. He replied that he did not see this as a failure but that the original legislation was flawed and this revision represents a “return to reality”.

This view was echoed by Eva Tzoneva, president of Association for Electronic Tolling and Interoperable Services, who said the legislation was flawed and, therefore, not adopted by member states. “Each of the countries implementing electronic tolling was inventing a system of its own, so it is quite difficult to come to commonality when there are so many systems.”

The mix of state-owned tolling entities and private concessionaires also complicated matters she said, adding that the best cooperation has been with the private companies. “Where we need to deal with state-owned agencies, that has been quite difficult.”

Tzoneva also highlighted problems with the business case, saying: “In order to implement something that is fundamentally innovative in the market, there must also be a fair recognition and remuneration for players investing money in making EETS happen.”

She ended saying that progress has been made in many countries and the discussions on remuneration will continue once the revised directive is finalised.

That legislation, if published in time, will certainly feature prominently in next year’s Study & Information Days event.